CVE-2017-8516
Description
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka Microsoft SQL Server Analysis Services Information Disclosure Vulnerability.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.6
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 Service Pack 3 CU (KB4019090) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 Service Pack 3 CU (KB4019090) x64 bases systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 SP3 (KB4025925) x64 bases systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 SP3 (KB4025925) x86 based systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 1 GDR (KB4019091) x64 bases systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 1 GDR (KB4019091) x86 based systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 1 CU (KB4019099) x64 bases systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 1 CU (KB4019099) x86 based systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB4019092) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB4019092) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB4019092) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB4019092) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 2 GDR (KB4019093) x64 bases systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 2 GDR (KB4019093) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 2 CU (KB4019094) x64 bases systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2014 Service Pack 2 CU (KB4019094) x86 based systems | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2016 RTM CU (KB4019086) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2016 RTM GDR (KB4019088) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2016 Service Pack 1 CU (KB4019095) | Windows |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability for SQL Server 2016 Service Pack 1 GDR (KB4019089) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-22961 | Security update for SQL Server 2012 Service Pack 3 CU (KB4025925) |
| PATCH-22963 | Security update for SQL Server 2012 Service Pack 3 CU (KB4025925) 64 bit |
| PATCH-22962 | Security Update for SQL Server 2012 SP3 (KB4025925) 64 bit |
| PATCH-22960 | Security Update for SQL Server 2012 SP3 (KB4025925) 32 bit |
| PATCH-22969 | Security update for SQL Server 2014 Service Pack 1 GDR (KB4019091) 64 bit |
| PATCH-22968 | Security update for SQL Server 2014 Service Pack 1 GDR (KB4019091) 32 bit |
| PATCH-22971 | Security update for SQL Server 2014 Service Pack 1 CU (KB4032542) 64 bit |
| PATCH-22970 | Security update for SQL Server 2014 Service Pack 1 CU (KB4032542) 32 bit |
| PATCH-22965 | Security update for SQL Server 2012 Service Pack 3 GDR (KB4019092) |
| PATCH-22967 | Security update for SQL Server 2012 Service Pack 3 GDR (KB4019092) 64 bit |
| PATCH-22966 | Security update for SQL Server 2012 Service Pack 3 GDR (KB4019092) 64 bit |
| PATCH-22973 | Security update for SQL Server 2014 Service Pack 2 GDR (KB4019093) 64 bit |
| PATCH-22975 | Security update for SQL Server 2014 Service Pack 2 CU (KB4036996) 64 bit |
| PATCH-22974 | Security update for SQL Server 2014 Service Pack 2 CU (KB4036996) 32 bit |
| PATCH-22976 | Security update for SQL Server 2016 RTM CU (KB4019086) 64 bit |
| PATCH-22977 | Security update for SQL Server 2016 RTM GDR (KB4019088) 64 bit |
| PATCH-22978 | Security update for SQL Server 2016 Service Pack 1 CU (KB4019095) 64 bit |
| PATCH-22980 | Security update for SQL Server 2016 Service Pack 1 GDR (KB4019089) 64 bit |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234